Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method performed within a network accessible server-based architecture for granting permission for a machine action comprising: receiving, at one or more processing devices, a machine generated request associated with a source, where the machine generated request comprises request parameters that include a requested machine action, a target recipient of the requested machine action, and the source of the requested machine action; deriving a request hash of the request parameters; accessing with the one or more processing devices a stored set of capabilities on a memory operably coupled to the one or more processing devices, the memory comprising a device for storing and retrieving data, where each of the one or more capabilities comprises a capability hash of permission parameters that include a permissible action, a specified recipient of the permissible action, and a specified source of the permissible action; for each of the one or more capabilities in the stored set of capabilities: determining with the one or more processing devices whether the request hash of the request parameters associated with the machine generated request match the capability hash of the permission parameters associated with the capability; and granting permission to apply the machine generated request to the target recipient when a match of the request hash and the capability hash is determined wherein at least one of the source and the target recipient reside outside of the network accessible server-based architecture.
A server-based system grants permission for machine actions. When a machine makes a request (containing the action, the target, and the source), the system calculates a hash of these request parameters. The system stores a set of authorized "capabilities," each with a pre-calculated hash representing allowed actions, recipients, and sources. For each capability, the system compares the request hash to the capability hash. If they match, the system grants permission for the machine to perform the requested action on the target. Crucially, either the source or target of the request resides outside the server's direct network.
2. The method for granting permission for a machine action of claim 1 , where the source, the specified source, the target recipient and the specified recipient comprises any one or more of an identifier of an application, an identifier of a machine and an identification attribute.
In the machine action permission system described previously, the source, specified source, target recipient, and specified recipient can be identified using one or more of: an application identifier, a machine identifier, or some other identification attribute. For example, the 'source' could be "Application X," the 'target recipient' could be "Machine Y," and these identifiers are used to determine permission.
3. The method for granting permission for a machine action of claim 1 , where the requested machine action comprises applying to the target recipient any one or more action of: creating, updating, deleting, messaging, applying software updates and reading an associated state.
In the machine action permission system described previously, the requested machine action can include any of the following actions applied to the target recipient: creating data, updating data, deleting data, sending a message, applying software updates, or reading the target recipient's associated state. For example, the system could grant "Application X" permission to "update" data on "Machine Y."
4. The method for granting permission for a machine action of claim 1 , further comprising adding, deleting or modifying one or more capabilities to the stored set of capabilities.
In the machine action permission system described previously, the system allows administrators to dynamically manage the permissions by adding new capabilities, deleting existing capabilities, or modifying the parameters of existing capabilities in the stored set. This means the rules governing allowed actions can be updated on the fly.
5. The method for granting permission for a machine action of claim 1 , where any of the source, the specified source, the target recipient and the specified recipient is identified using a unique identifier.
In the machine action permission system described previously, the source, specified source, target recipient, and specified recipient are each identified using a unique identifier. For example, a universally unique identifier (UUID) could be used to represent each application, machine, or user to ensure unambiguous identification when checking permissions.
6. The method for granting permission for a machine action of claim 1 , where any of the source, the specified source, the target recipient and the specified recipient comprises a symbolic name.
In the machine action permission system described previously, the source, specified source, target recipient, and specified recipient can be identified using a symbolic name (e.g., "printer_server" or "user_john"). This allows for more human-readable permission configurations.
7. The method for granting permission for a machine action of claim 6 , further comprising resolving the symbolic name into a unique identifier.
In the machine action permission system utilizing symbolic names, as described previously, the system resolves the symbolic name into a unique identifier before performing the permission check. This involves looking up the unique identifier associated with the symbolic name in a directory or mapping service.
8. The method for granting permission for a machine action of claim 7 , where the symbolic name is resolved into the unique identifier before a hash is calculated.
In the machine action permission system that resolves symbolic names into unique identifiers, as described previously, the symbolic name is resolved into its corresponding unique identifier *before* the request hash or capability hash is calculated. The hashes are then based on the unique identifiers, not the symbolic names.
9. The method for granting permission for a machine action of claim 7 , where the symbolic name is resolved into a unique identifier before determining the match between the request hash and the capability hash.
In the machine action permission system that resolves symbolic names into unique identifiers, as described previously, the symbolic name is resolved into its corresponding unique identifier *before* determining the match between the request hash and the capability hash. This ensures the comparison is done using consistent identifiers.
10. A system implemented using a network accessible server-based architecture for granting permission for a machine action comprising: one or more processing devices; and a memory operably coupled to the one or more processing devices, the memory comprising a device for storing and retrieving data, wherein the memory stores instructions to be executed by the one or more processing devices, the instructions for configuring the system to: receive at the one or more processing devices a machine generated request, associated with a source, where the machine generated request comprises request parameters that include a requested machine action, a target recipient of the requested machine action, and the source of the requested machine action; derive a request hash of the request parameters; access with the one or more processing devices a stored set of capabilities on the memory, where each of the one or more capabilities comprises a capability hash of permission parameters that include a permissible action, a specified recipient of the permissible action, and a specified source of the permissible action; for each of the one or more capabilities in the stored set of capabilities: determine with the one or more processing devices whether the request hash of the request parameters associated with the machine generated request match the capability hash of the permission parameters associated with the capability; and grant permission to apply the machine generated request to the target recipient when a match of the request hash and the capability hash is determined wherein at least one of the source and the target recipient reside outside of the network accessible server-based architecture.
A server-based system grants permission for machine actions. When a machine makes a request (containing the action, the target, and the source), the system calculates a hash of these request parameters. The system stores a set of authorized "capabilities," each with a pre-calculated hash representing allowed actions, recipients, and sources. For each capability, the system compares the request hash to the capability hash. If they match, the system grants permission for the machine to perform the requested action on the target. Crucially, either the source or target of the request resides outside the server's direct network. The system includes processing devices and memory storing instructions to perform these actions.
11. The system for granting permission for a machine action of claim 10 , where the source, the specified source, the target recipient and the specified recipient comprises any one or more of an identifier of an application, an identifier of a machine and an identification attribute.
In the machine action permission system described previously, the source, specified source, target recipient, and specified recipient can be identified using one or more of: an application identifier, a machine identifier, or some other identification attribute. For example, the 'source' could be "Application X," the 'target recipient' could be "Machine Y," and these identifiers are used to determine permission.
12. The system for granting permission for a machine action of claim 10 , where the requested machine action comprises applying to the target recipient any one or more action of: creating, updating, deleting, messaging, applying software updates and reading an associated state.
In the machine action permission system described previously, the requested machine action can include any of the following actions applied to the target recipient: creating data, updating data, deleting data, sending a message, applying software updates, or reading the target recipient's associated state. For example, the system could grant "Application X" permission to "update" data on "Machine Y."
13. The system for granting permission for a machine action of claim 10 , further comprising adding, deleting or modifying one or more capabilities to the stored set of capabilities.
In the machine action permission system described previously, the system allows administrators to dynamically manage the permissions by adding new capabilities, deleting existing capabilities, or modifying the parameters of existing capabilities in the stored set. This means the rules governing allowed actions can be updated on the fly.
14. The system for granting permission for a machine action of claim 10 , where any of the source, the specified source, the target recipient and the specified recipient is identified using a unique identifier.
In the machine action permission system described previously, the source, specified source, target recipient, and specified recipient are each identified using a unique identifier. For example, a universally unique identifier (UUID) could be used to represent each application, machine, or user to ensure unambiguous identification when checking permissions.
15. The system for granting permission for a machine action of claim 10 , where any of the source, the specified source, the target recipient and the specified recipient comprises a symbolic name.
In the machine action permission system described previously, the source, specified source, target recipient, and specified recipient can be identified using a symbolic name (e.g., "printer_server" or "user_john"). This allows for more human-readable permission configurations.
16. The system for granting permission for a machine action of claim 15 , further comprising resolving the symbolic name into a unique identifier.
In the machine action permission system utilizing symbolic names, as described previously, the system resolves the symbolic name into a unique identifier before performing the permission check. This involves looking up the unique identifier associated with the symbolic name in a directory or mapping service.
17. The system for granting permission for a machine action of claim 16 , where the symbolic name is resolved into the unique identifier before a hash is calculated.
In the machine action permission system that resolves symbolic names into unique identifiers, as described previously, the symbolic name is resolved into its corresponding unique identifier *before* the request hash or capability hash is calculated. The hashes are then based on the unique identifiers, not the symbolic names.
18. The system for granting permission for a machine action of claim 16 , where the symbolic name is resolved into a unique identifier before determining the match between the request hash and the capability hash.
In the machine action permission system that resolves symbolic names into unique identifiers, as described previously, the symbolic name is resolved into its corresponding unique identifier *before* determining the match between the request hash and the capability hash. This ensures the comparison is done using consistent identifiers.
Unknown
December 5, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.